<?php
defined('IN_YuLin') || exit('NO PERMIT!');
$table = Table('user_mail');
$table_user = Table('user');
$letter_id = intval($_GET['id']);
$letter_id and $arr = $db->getrow('SELECT * FROM '.$table.' WHERE id = '.$letter_id);
if(IS_POST){ 
    $letter_id = intval($_POST['letter_id']);
    $user = $db->getrow('SELECT * FROM '.$table_user.' WHERE username = "'.NoBadStr($_POST['recipient']).'"');
    $user and $data['recipient_uid'] = $user['id'];
    $data['recipient'] = NoBadStr($_POST['recipient']);
    $data['sender_uid'] = $_SESSION['admin']['id'];
    $data['sender_name'] = $_SESSION['admin']['username'];
    $data['title'] = NoBadStr($_POST['title']);
    $data['content'] = NoBadStr($_POST['content']);
    $_POST['level'] and $data['user_grade'] = implode(",", $_POST['level']);
    $data['dateline'] = time();
    if($letter_id){
        $res = $db->exec('UPDATE '.$table.' SET '.CreateUpdateSql($data).' WHERE id = '.$letter_id);
    }else{
        $res = $db->exec('INSERT INTO '.$table.CreateInsertSql($data));
    }
    ShowMsg('操作成功',U($m.'/letter'));
}

$tpl->display($m.'/'.$c);
